[kernel] r16957 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/debian patches/series
Ben Hutchings
benh at alioth.debian.org
Tue Mar 1 02:19:36 UTC 2011
Author: benh
Date: Tue Mar 1 02:19:31 2011
New Revision: 16957
Log:
drm: Fix unsigned vs signed comparison issue in modeset ctl ioctl (CVE-2011-1013)
Added:
dists/squeeze/linux-2.6/debian/patches/bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch
dists/squeeze/linux-2.6/debian/patches/debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch
Modified:
dists/squeeze/linux-2.6/debian/changelog
dists/squeeze/linux-2.6/debian/patches/series/31
Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog Mon Feb 28 19:50:26 2011 (r16956)
+++ dists/squeeze/linux-2.6/debian/changelog Tue Mar 1 02:19:31 2011 (r16957)
@@ -36,6 +36,8 @@
* iowarrior: Don't trust report_size for buffer size (CVE-2010-4656)
* ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)
* fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
+ * drm: Fix unsigned vs signed comparison issue in modeset ctl ioctl
+ (CVE-2011-1013)
[ dann frazier ]
* xfs: fix information leak using stale NFS handle (CVE-2010-2943)
Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch Tue Mar 1 02:19:31 2011 (r16957)
@@ -0,0 +1,36 @@
+From: Dave Airlie <airlied at redhat.com>
+Date: Thu, 24 Feb 2011 08:35:06 +1000
+Subject: [PATCH] drm: fix unsigned vs signed comparison issue in modeset ctl ioctl.
+
+commit 1922756124ddd53846877416d92ba4a802bc658f upstream.
+
+This fixes CVE-2011-1013.
+
+Reported-by: Matthiew Herrb (OpenBSD X.org team)
+Cc: stable at kernel.org
+Signed-off-by: Dave Airlie <airlied at redhat.com>
+[bwh: Adjust for Debian's 2.6.32]
+---
+--- a/drivers/gpu/drm/drm_irq.c
++++ b/drivers/gpu/drm/drm_irq.c
+@@ -543,7 +543,8 @@ int drm_modeset_ctl(struct drm_device *dev, void *data,
+ struct drm_file *file_priv)
+ {
+ struct drm_modeset_ctl *modeset = data;
+- int crtc, ret = 0;
++ int ret = 0;
++ unsigned int crtc;
+
+ /* If drm_vblank_init() hasn't been called yet, just no-op */
+ if (!dev->num_crtcs)
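Review bot: The commit message describes the bug only as "This fixes CVE-2011-1013", and in drm_modeset_ctl() the hunk changes only the declaration of crtc (int to unsigned int); the comparison named in the subject line is outside the visible context. Please add a sentence naming that comparison and saying what a negative crtc value did before the change, so the fix can be reviewed and backported without the upstream tree at hand. Because the fix works through implicit conversion rather than an explicit range check, a short comment beside `unsigned int crtc;` noting that the unsignedness is what makes the check effective would help stop a later cleanup from reverting it.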
+--- a/include/drm/drmP.h
++++ b/include/drm/drmP.h
+@@ -1020,7 +1020,7 @@ struct drm_device {
+ struct pci_controller *hose;
+ #endif
+ struct drm_sg_mem *sg; /**< Scatter gather memory */
+- int num_crtcs; /**< Number of CRTCs on this device */
++ unsigned int num_crtcs; /**< Number of CRTCs on this device */
+ void *dev_private; /**< device private data */
+ void *mm_private;
+ struct address_space *dev_mapping;
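Review bot: Making num_crtcs unsigned in struct drm_device changes comparison semantics for every user of dev->num_crtcs, not only drm_modeset_ctl(): any signed loop counter or index compared against it is now converted to unsigned first. Apart from this header the patch touches only drm_irq.c, so the description should say that the other users of the field were checked. The type change also alters the type information genksyms hashes for this structure, which matters when the patch is applied to a stable series.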
Added: dists/squeeze/linux-2.6/debian/patches/debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch Tue Mar 1 02:19:31 2011 (r16957)
@@ -0,0 +1,27 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Tue, 1 Mar 2011 01:54:06 +0000
+Subject: [PATCH] drm: Avoid ABI change from fix for CVE-2011-1013
+
+---
+ include/drm/drmP.h | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/include/drm/drmP.h b/include/drm/drmP.h
+index c6c8eb9..a8cd0ae 100644
+--- a/include/drm/drmP.h
++++ b/include/drm/drmP.h
+@@ -1020,7 +1020,10 @@ struct drm_device {
+ struct pci_controller *hose;
+ #endif
+ struct drm_sg_mem *sg; /**< Scatter gather memory */
+- unsigned int num_crtcs; /**< Number of CRTCs on this device */
++#ifndef __GENKSYMS__
++ unsigned
++#endif
++ int num_crtcs; /**< Number of CRTCs on this device */
+ void *dev_private; /**< device private data */
+ void *mm_private;
+ struct address_space *dev_mapping;
+--
+1.7.4.1
+
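Review bot: The patch has an empty description and the `#ifndef __GENKSYMS__` block around `unsigned` carries no comment, so a reader of drmP.h cannot tell why the declaration is split across three lines. Suggest a description and a one-line comment stating that genksyms still sees `int num_crtcs` and therefore computes the same symbol versions as before, while the compiler sees `unsigned int num_crtcs`, and that this is safe because int and unsigned int have the same size and alignment, so the layout of struct drm_device is unchanged.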
Modified: dists/squeeze/linux-2.6/debian/patches/series/31
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/31 Mon Feb 28 19:50:26 2011 (r16956)
+++ dists/squeeze/linux-2.6/debian/patches/series/31 Tue Mar 1 02:19:31 2011 (r16957)
@@ -43,3 +43,5 @@
+ bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-ta.patch
+ features/all/hwmon-k10temp.patch
+ bugfix/all/HID-add-support-for-Acan-FG-8100-barcode-reader.patch
++ bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch
++ debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch